Bug 2063033

Summary: configuring per-suffix referral mode with dsconf does not work
Product: Red Hat Directory Server Reporter: sgouvern
Component: cockpit-389-dsAssignee: LDAP Maintainers <idm-ds-dev-bugs>
Status: CLOSED CURRENTRELEASE QA Contact: LDAP QA Team <idm-ds-qe-bugs>
Severity: medium Docs Contact: Evgenia Martynyuk <emartyny>
Priority: high    
Version: 12.1CC: idm-ds-dev-bugs, mreynolds, pasik, spichugi, tbordaz
Target Milestone: ---Keywords: Triaged
Target Release: dirsrv-12.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
.Configuring a referral for a suffix fails in Directory Server If you set a back-end referral in Directory Server, setting the state of the backend using the `dsconf <instance_name> backend suffix set --state referral` command fails with the following error: ---- Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state ---- As a consequence, configuring a referral for suffixes fail. To work around the problem: . Set the `nsslapd-referral` parameter manually: + ---- # ldapmodify -D "cn=Directory Manager" -W -H ldap://server.example.com dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config changetype: modify add: nsslapd-referral nsslapd-referral: ldap://remote_server:389/dc=example,dc=com ---- . Set the back-end state: + ---- # dsconf <instance_name> backend suffix set --state referral ---- As a result, with the workaround, you can configure a referral for a suffix.
 Story Points: ---
Clone Of:
: 2063140 (view as bug list) Environment:
Last Closed: 2024-01-10 16:32:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2063140    

Description sgouvern 2022-03-11 07:48:02 UTC 
Description of problem:

After setting a backend referral using "dsconf inst1 backend suffix set --add-referral", 

setting the backend state to referral with "dsconf inst1 backend suffix set --state referral" returns an error  :
Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state 

Version-Release number of selected component (if applicable):
RHDS 12.0

How reproducible:
always

Steps to Reproduce:
Run these steps :
1. # dsconf inst1 backend suffix set --add-referral ldap://localhost:2389/dc=example,dc=com 'dc=example,dc=com'
The backend configuration was successfully updated
2. # dsconf inst1 backend suffix set --state referral userroot


Actual results:

Error: 103 - 9 - 53 - Server is unwilling to perform - [] - need to set nsslapd-referral before moving to referral state.

The suffix can't be configured with referral. 

Expected results:

Backend suffix state can be set to referral without error.

Additional info:

A workaround is to set nsslapd-referral in the mapping tree entry before running "dsconf inst1 backend suffix set --state referral" using ldapmodify :

# ldapmodify -D "cn=directory manager" -w secret12 -h localhost -p 1389 
dn: cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config
changetype: modify
add: nsslapd-referral
nsslapd-referral: ldap://localhost:2389/dc=example,dc=com

modifying entry "cn=dc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config"

# dsconf inst1 backend suffix set --state referral 'dc=example,dc=com'
The backend configuration was successfully updated
Comment 1 mreynolds 2022-09-14 15:14:09 UTC 
Also noticed:

[root@fedora mareynol]# dsconf localhost backend suffix set --state referral userroot
Error: 'BackendSuffixView' object has no attribute 'set_state'
Comment 2 mreynolds 2023-02-08 16:31:08 UTC 
*** Bug 2063140 has been marked as a duplicate of this bug. ***